<?php
include_once ("mysqllib.php");
		session_start();
		ob_start();
		//connect to the database
		$db = new mysqllib();

		// username and password sent from form
		$myusername = $_POST['username'];
		$mypassword = $_POST['password'];

		// To protect MySQL injection (more detail about MySQL injection)
		$myusername = stripslashes($myusername);
		$mypassword = stripslashes($mypassword);
		$myusername = mysql_real_escape_string($myusername);
		$mypassword = mysql_real_escape_string($mypassword);

		//encrypt the password for more security
		$encrypted_mypassword = md5($mypassword);

		$sql = "SELECT * FROM User WHERE userName='$myusername' and password='$encrypted_mypassword'";
		$result = mysql_query($sql);

		// Mysql_num_row is counting table row
		$count = mysql_num_rows($result);

		// If result matched $myusername and $mypassword, table row must be 1 row
		if ($count == 1) {
			$data = mysql_fetch_array($result);
			// Register $myusername, $mypassword and redirect to file "loginSuccess.php"
			$_SESSION['idUser'] = $data['idUser'];
			$_SESSION['blocked'] = intval($data['blocked']);
			$_SESSION['status'] = $data['type'];
			$_SESSION["username"] = $myusername;
			$_SESSION["password"] = $encrypted_mypassword;
			header("location:index.php?page=videoList");
		} else {
			//error message , fail to login
			header("location:index.php?page=login&action=fail");
		}
		ob_end_flush();
?>